ApplnNo. 10/780,098 
Amendment dated December 20, 2007 
Reply to Office Action of September 20, 2007 
Docket No. BOC9-2003-0087 (458) 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the instant 
application: 

Listing of Claims; 

1. (Currently Amended) A method of permitting controlled access to medical 
information of a patient, the method comprising: 

establishing a storage means for containing storing the medical information of the 
patient : 

establishing a means for accessing the medical information by the patient or any 
other authorized user ; and 

controlling the means for accessing an authorization and a scope of access to the 
medical information by the patient according to a type of entity an assigned role of a user 
accessing the medical informatio n, wherein access is limited according to the type of 
entity by modifying an access control list; 

wherein the access control list lists each authorized user and the assigned role of 
each authorized user . 

2. (Original) The method of claim 1, wherein the storage means is a central 
repository. 

3. (Original) The method of claim 1, wherein the means for accessing the medical 

information is controlled using a universally unique identifier. 

4. (Original) The method of claim 1, wherein said controlling step is overridden by a 
registered emergency provider, 
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5. (Original) The method of claim 1, said controlling step further comprising 
notifying a patient that their medical information has been accessed. 

6. (Currently Amended) A machine-readable storage having stored thereon, a 
computer program having a plurality of code sections, said code sections executable by a 

machine for causing the machine to perform the steps of: 

establishing a storage means for containing storing the medical information of the 
patient ; 

establishing a means for accessing the medical information by the patient or any 
other authorized user ; and 

controlling the means for accessing an authorization and a scope of access to the 
medical information by the patient according to a type of entity an assigned role of a user 
accessing the medical informatio n, wherein access is limited according to the type of 
entity by modifying an access control list; 

wherein the access control list lists each authorized user and the assigned role of 
each user . 

7. (Original) The machine-readable storage of claim 6, wherein the storage means is 
a central repository. 

8. (Original) The machine-readable storage of claim 6, wherein the means for 
accessing the medical information is controlled usmg a universally unique identifier. 

9. (Original) The machine-readable storage of claim 6, wherein said controlling step 
is overridden by a registered emergency provider. 
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10. (Original) The machine-readable storage of claim 6, said controlling step further 
comprising notifying a patient that their medical information has been accessed. 

11. (Currently Amended) A system for permitting controlled access to medical 
information of a patient, the system comprising: 

storage means for containing storing medical information of the patient : 
means for accessing the medical information bv the patient or any other authorized 
user; and 

means for controlling an authorization and a scope of access to said means for 
accessing the medical inforaiation by the patient according to a t>^pe of entity an assigned 
role of a user accessing the medical informatio n, wherein access is limited according to 
the tv^pe of entity bv modifying an access control list: 

wherein the access control list lists each authorized user and the assigned role of 
each authorized . 

12. (Original) The system of claim 11, wherein the storage means is a central 
repository. 

13. (Original) The system of claim 11, wherein the means for controlling the means 
for accessing the medical information comprises a unique identifier. 

14. (Original) The system of claim 11, wherein said means for controlling the access 
of the medical information may be overridden by registered emergency providers. 
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15. (Original) The system of claim 1 1, wherein said means for controlling the access 
of the medical information further includes means for notifying a patient that their 
medical information has been accessed. 

16. (New) The method of claim 1, wherein the patient is compensated for permitting 
some of the medical information to be available and used by a research institution. 

17. (New) The method of claim 1, wherein during a doctor visit the patient provides 
access to the medical information for a time period long enough to support the visit at 
which point the access times out. 

18. (New) The method of claim 1, wherein access to the patient's medical information 
expires when a physician logs into another room/appointment. 

19. (New) The method of claim 1, further comprising: 
assigning each user with a unique ID and pin, and 

tracking and notifying the patient of who accessed the medical information, what 
was accessed and when was access taken place. 
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